A guide to data security on DJI’s most advanced corporate drones, which are equipped with a robust suite of features to protect user data. These include Network Security Mode to give users control over their data, AES-256 encryption of video transmission, Cloud API, and AES encryption of SD card.
- Store user data safe: Network security mode
- AES-256 video transmission encryption for added security
- SD Card Encryption – Secure media storage of your device
- Wipeable Data – Erase all device data with one tap
- Cloud data storage security
- Cloud API
- DJI drone device data security
- DJI SDK security
- DJI Statement on Drone Data Security
- DJI Security Features: Summary
- Data security is a crucial consideration for enterprise drone operators, considering the unique role UAS plays as a data capture tool.
DJI’s latest commercial drones come with a full suite of features to ensure users are in control of the data they generate and protect sensitive information from hijackers.
Operators of the M30 Series, M300 RTK, and Mavic 3 Enterprise can therefore use this robust architecture to protect their data.
These features include:
- Network security mode, including local data mode
- Erasing all device data with one tap
- AES-256 video transmission encryption
- Cloud APIs
- SD card AES encryption
- This blog explores these features, including how to enable them and how they improve the security and integrity of sensitive data.
In this regard, DJI keeps reiterating that its systems are safe and secure and that the data security of its products is reviewed repeatedly and has been independently verified. Read DJI’s statement on drone data security at the bottom of this article.
Keep user data safe: Network security mode
DJI says it will not access user data without prior permission.
Operators can grant or revoke permissions at any time through Network Security Mode, which is found within the DJI Pilot ecosystem and can be accessed via the remote controller.
Permissions that can be turned on or off include access to a piece of device information, flight recordings, device logs, and the ability for DJI to share device location with third-party map service providers to view location on the map.
Within Network Security Mode, you can choose between three modes, which offer different levels of customization and permissions. These modes are:
1: Standard mode
DJI Pilot connects to the Internet and works normally. Standard mode features and functions can be turned on or off.
2: Limited network mode
To protect operator data, many of DJI Pilot’s features and functions are disabled and cannot be activated, with the exception of Map Service, Network RTK, and Third-party Cloud Services, which can be activated or deactivated.
If operators want to use a map without activating Map Service in Limited Network mode, they can use MapTiler’s offline map to continue with a mapping service. This will prevent information from being sent to third-party map service providers.
MapTiler is headquartered in Switzerland. Your maps do not contain spy codes and the IP addresses of MapTiler Cloud visitors are stored only for a limited period of time, necessary for security checks; the maximum time is 20 minutes, then they are destroyed automatically. For more details, click here.
DJI also used American-based Mapbox for this extra-secure method of accessing maps.
Using a limited network mode does not affect other apps on your smartphone or tablet.
3: Local data mode
Local Data Mode offers government and commercial customers the additional assurance that the data generated during drone operations are effectively protected.
This is an Internet connection “switch” feature within DJI’s command and controls mobile applications that, when activated, prevent the application from sending or receiving data over the Internet.
The application shuts down all data services and does not send network requests to protect your data. The features and functions of this mode will be disabled, with no option to enable them.
Local data mode allows you to use your device completely offline. In this case, the user does not need to log in to their DJI account.
With Local Data Mode enabled, drone operators can easily and effectively cut all network connections from DJI’s mobile applications and prevent data from being transferred to DJI or other parties.
Enabling Local Data Mode, similar to Airplane Mode in smartphones and other mobile devices, should help ensure drone operators that all data remains local and under their control.
To use maps in Local data mode, you must first download the map in Standard mode and then switch to Local data mode.
Note that Local Data mode is available in the DJI Pilot, DJI GO4, or DJI Fly controller apps to provide a better guarantee of data privacy during sensitive missions.
Network Security Mode: Features in detail
The following table explains the purpose of each Network Security Mode feature and its impact on switching between Standard Mode, Limited Network Mode, and Local Data Mode.
|Feature||Purpose||Standard Mode||Restricted Network Mode||Local Data Mode|
|Map Service||Displays the location of your mobile device and DJI devices on the map in real time while your aircraft is in flight.|
Enabling Map Service allows third-party map service providers to access the location information of your mobile device and DJI devices.
|Toggle on or off||Toggle on or off||Off|
|Network RTK||Provides RTK data to your DJI devices from a third-party RTK service provider.|
Network RTK helps you use your DJI devices with high-accuracy positioning data. Third-party RTK service providers will gain access to your device’s location information only when you are using Network RTK service. Your DJI devices’ location information will be used for requesting data from nearby RTK base stations.
|Toggle on or off||Toggle on or off||Off|
|Third-party Cloud Services||Supports GB28181 protocol, RTMP, RTSP, and DJI IoT API. |
Only when you choose Third-party Cloud Services will DJI Pilot sync DJI device serial numbers, GPS location information, flight speed, real-time image transmission, aircraft attitude, camera attitude, sensor data, and livestream protocol to DJI servers in accordance with livestream protocol.
|Toggle on or off||Toggle on or off||Off|
|Device Update||Includes checking for updates and downloading update packages for your DJI devices and DJI apps.|
Keeping your DJI devices and apps updated helps ensure optimal user experience. Enabling Device Update allows DJI Pilot to sync the following information for checking updates and downloading update packages: Account information, DJI devices firmware versions, and DJI app versions.
|Toggle on or off||Off||Off|
|Sync Logs||A convenient tool for uploading DJI device logs. |
DJI Pilot will sync your account information and DJI device logs to DJI servers only when you choose to upload them. The logs contain various DJI device status information, including, but not limited to, the DJI device serial number, flight trajectory, flight speed, and sensor data. This information will only be used to help DJI Support locate issues with the device.
|Toggle on or off||Off||Off|
|Sync Flight Records||A convenient tool for syncing DJI device flight records.|
DJI Pilot will sync your account information, DJI device serial numbers, location information, flight trajectory, flight speed, and sensor data to DJI servers only when you choose to update them.
|Toggle on or off||Off||Off|
|FlightHub 2 Cloud Platform||Only after DJI Pilot users login into FlightHub 2 will the Pilot sync data such as account, device, GPS location, aircraft speed and attitude, and real-time image transmission data to FlightHub 2.|
Sharing data with team members through FlightHub 2 can increase team efficiency.
|Toggle on or off||Off||Off|
|DJI Product Improvement Project||DJI would like your help to improve the quality and performance of its products by collecting and sending device diagnostics and usage data.|
No DJI account details or personal information will be collected for this purpose.
|Toggle on or off||Off||Off|
|Fly Safe||Includes update checks and downloads for the Precise Fly Safe Database and unlocking license synchronization.|
It increases flight safety by providing more accurate geo-zone information and is also a convenient and efficient way to unlock licenses from DJI. Enabling Fly Safe allows DJI Pilot to sync your DJI device information, the Precise Fly Safe Database version information, and GPS fuzzy location information to DJI servers for checking for and downloading updates and for updating temporary geo-zone data.
DJI Pilot only syncs your account information and DJI device serial number with DJI servers to unlock the license when you use the license synchronization function.
|Toggle on or off||Off||Off|
Network Security Mode: Enabling and disabling features
The following screenshots show how DJI Pilot 2, DJI Pilot’s newest application, works.
For example, the next set of images shows the Map Service and Network RTK features of Network Security Mode and how Standard Mode, Limited Network Mode, and Local Data Mode affect usage.
In Standard mode, users can choose to enable or disable Map Service and Network RTK…
…but in Local Data mode, Map Service and Network RTK are off by default and there is no option to turn them on.
The next set of screenshots shows how other Network Security mode features, in this case, device update, can still be turned on and off in Standard mode…
…but now they are disabled, with no option to activate, in Limited Network mode…
… and in Local Data mode.
How to enter network security mode
How do I choose network security mode settings?
Still taking the DJI Pilot 2 as an example, click on the shield at the top left of the remote controller screen…
… to display this menu in the Data and Privacy section. Click on the Standard Mode box to the right to activate a drop-down menu that allows you to choose between this mode, Limited Network Mode, and Local Data Mode.
AES-256 video transmission encryption for added security
The data transmitted between the drone and the remote controller on the ground is protected by the AES-256 encryption algorithm.
The communication between the DJI Pilot app and the server is also secured by HTTPS or WebSockets over SSL/TLS (WSS) protocol to prevent hijacking by third parties and protect against man-in-the-middle attacks.
How AES-256 encryption works to protect DJI drone data
AES encryption has become the industry standard for data security. AES is available in 128, 192, and 256-bit implementations, with AES-256 being the most secure.
The three types of AES also vary in the number of encryption cycles. AES-128 uses 10 cycles, AES-192 12 cycles and AES-256 14 cycles. The higher the number of cycles, the more secure the encryption.
For this reason, AES-256, used by DJI, is considered the most secure encryption system ever.
AES-256 encryption secures the OcuSync communication system (used in DJI drones) and DJI’s 4G LTE communication (in drones such as the DJI M300 RTK) which protects users from hijacking near and far communications, man-made attacks -in-the-middle and communications encryption.
SD Card Encryption – Secure media storage of your device
Setting a security code helps ensure the safe use of your media files. This operation can be performed via the Data and privacy page of the remote control in the Pilot app.
When the password function is enabled, data stored in the SD card or onboard memory can only be accessed after providing the user-defined password.
The security code will be required when accessing SD card contents via DJI Pilot and DJI Pilot 2.
It is interesting to note the following:
The security code is not saved on the device nor can it be accessed by DJI. This means that the password cannot be recovered if the user forgets it.
The security code cannot be reset. If the security code is lost, format the memory card for reuse.
The memory card will be formatted if the security code is disabled.
Security code settings are only available for Zenmuse H20, Matrice M30, and Mavic 3 Enterprise series cameras. Other cameras, such as the Zenmuse L1 and P1, and third-party payloads are not currently supported.
Wipeable Data – Erase all device data with one tap
Users can choose to erase all data generated while using DJI devices. To clear the data, access the DJI Pilot or DJI Pilot 2 app to clear the device and app caches and logs.
Press the Erase All Device Data button from the Erase DJI Device Log tab.
This resets the operating system of the remote controller and clears flight records, short flight records, app logs and local media data, flight route files, and other data.
The cache can be removed by pressing the DJI Pilot Cache tab.
If you decide not to use DJI’s services anymore, please send an email to [email protected] to ask DJI to delete all data associated with your account.
Secure data storage in the cloud
DJI’s data centers are built on Amazon Web Services (AWS) and Alibaba Cloud. Alibaba Cloud is only used for Mainland China customers. Amazon Web Services is used for all other regions.
Both are known for their safety qualifications and high reliability. AWS has achieved ISO 27001/27017/27018 compliance certification, while Alibaba Cloud has achieved ISO 27001 compliance certification, CSA STAR certification, and independent SOC (Service Organizational Control) audits.
Amazon Web Services describes itself as the most secure cloud computing environment available today and a network architected to protect information, identities, applications, and devices. For more details about AWS, please visit the official site.
DJI users are not required to store any data with DJI. If they choose to do so, their data is stored in DJI’s data centers, which are equipped with a multi-layered protection mechanism.
DJI states that it will not pass users’ personal information or data through data centers and will not share any data with third parties. Sensitive information, such as email addresses, mobile phone numbers, and location information, is subjected to additional AES-256-CBC encryption.
The launch of the Cloud API mainly solves the problem of developers having to reinvent the wheel.
For developers who do not need in-depth app customization, they can directly use DJI Pilot 2 to communicate with third-party cloud platforms, and developers can focus on the development and implementation of cloud service interfaces.
Based on common standard protocols such as MQTT, HTTPS, and WebSockets, the DJI Cloud API sufficiently abstracts the feature set. It isolates the complex logic of drone hardware operations, allowing DJI developers to focus on their business without worrying about the underlying flight logic.
Furthermore, DJI Cloud API can adapt to any network, as long as the DJI Pilot 2 or DJI Dock can access the third-party platform server.
DJI drone device data security
DJI drones come with strong device data security.
Data is generated, processed, and stored during the use of the drone.
The specific data types and detailed descriptions are as follows:
DJI SDK security
DJI produces several SDKs, including Mobile SDK, UX SDK, Onboard SDK, and Payload SDK.
DJI Mobile SDK
Using the Mobile SDK (MSDK), developers can build iOS and Android applications that wirelessly interface with drones. The MSDK creates a custom mobile application to unlock the potential of the aerial platform that helps realize developer innovations.
When developers use DJI MSDK to develop applications or users use applications developed by DJI MSDK, the following features trigger network interactions:
|SDK Registration and|
|When developing an app via the MSDK for the first time, or when the user runs an app developed by the MSDK for the first time, the MSDK will connect to a DJI server for activation.||No|
|Firmware Update Check||When the user connects a device with an app|
developed by the MSDK, the latest firmware
information will be pulled by the MSDK from the server and the user will be prompted to update.
|Geo Zone Database Update||When the user connects a device with an app|
developed by the MSDK, the latest Geo Zone
the database will be pulled by the MSDK from the server to help fly in accordance with local laws and regulations.
|Country Code||The current user’s country code will be obtained.|
This information will mainly be used to set up the
remote controller’s frequency band.
|User Experience Information||When the user uses an app developed by the MSDK, the MSDK will record the API calling status to optimize and improve functionality. Recorded statistics only include API calling status and do not contain any personal information. If the user turns off user experience information in the privacy settings of the app, then this data will not be uploaded.||Yes|
|DJI FlightHub||(Optional) When the developer calls the DJI FlightHub|
related API in the MSDK, communication with the DJI
FlightHub server will be established.
|DJI User Centre||(Optional) When the developer calls the DJI User|
Center-related API in the MSDK, communication with
the DJI User Center server will be established.
|Third-Party Network RTK|
|(Optional) When the developer calls the API in the|
MSDK that interacts with a third-party network RTK
service, communication with the third-party network RTK service will be established.
Considering that some governments require high standards for privacy, Local Data Mode (LDM) is provided by DJI MSDK. Developers can equip apps with LDM mode.
When LDM mode is activated, network connections are interrupted. Note that for both regular and LDM-enabled apps, users must complete registration and SDK activation when using the app for the first time.
Activation only needs to be completed when using the app for the first time. For LDM-enabled apps, once activation is complete, users can enable LDM to drop all network links.
DJI Onboard SDK
The DJI Onboard SDK (OSDK) helps create automated applications for supported DJI enterprise aircraft devices and A3 and N3 flight controllers.
supported and A3 and N3 flight controllers.
To develop applications based on the OSDK, developers need to request an ID and its key on the DJI developer website.
Whenever users use the applications developed by the OSDK, they need to enter the ID and key applied by the developer for activation. A network connection is required for the first activation. Upon activation, the flight control module records the ID and subsequent activations can be performed offline until the ID is cleared from the flight control module.
When using the Flight Control API via the OSDK, relevant flight commands and flight states are logged from the Flight Log.
During the activation process, the flight control module will also record the user ID in the flight log. The user can actively export the flight log via DJI Assistant 2 and the exported flight log will be encrypted.
Some of the DJI OSDK code is open source. Refer to the following links:
DJI Payload SDK
DJI Payload SDK (PSDK) is a type of SDK that allows third-party manufacturers to develop application-specific payloads that integrate seamlessly with DJI flight platforms.
Developers must first register a DJI PSDK company account, which is used to associate the DJI PSDK-developed application with the DJI SKYPORT adapter.
Once the binding is complete and the third-party payload is connected, communication between the payload and the aircraft will be transmitted through the adapter.
During the use of the PSDK, a log is automatically generated which mainly records the commands and errors related to the functions of the PSDK. The registry does not include user data and can be exported by users according to their needs, but it is not uploaded automatically.
While using SKYPORT, a log is automatically generated which mainly records information such as CPU usage, interface bandwidth, device type, supply voltage, and activation status.
Users can manually export logs according to their needs and not upload them automatically.
While using PSDK, the following functions can trigger network interaction:
|PSDK binding with SKYPORT||When developers develop an app via the PSDK, the app needs to be bound with DJI SKYPORT. During the process, the SKYPORT adapter will verify information such as user account, product name, and product ID with the server through the MSDK.||No|
|PSDK unbinding with SKYPORT||PSDK applications can also be unbound from DJI SKYPORT. During the process, the SKYPORT adapter will also verify information such as user account, product name, and product ID with the server through the MSDK.||No|
|User experience data||This data mainly records the usage time of each PSDK function, version information, developer information, GNSS location information after reducing accuracy (reducing accuracy to a 10 km radius), etc. Users can turn off the authorization of user experience data upload in the Privacy Settings tab in the app or DJI Assistant 2.||Yes|
DJI UX SDK
DJI UX SDK provides user interface elements for all major functions, allowing developers to quickly create mobile applications without additional lines of code.
Since the main function of the UX SDK is to provide user interface elements, an internet connection is not required while using the UX SDK.
However, when using the DJI Map Kit, users can embed a third-party map widget, which can activate an Internet connection with the third-party map during use.
UX SDK is an open-source project. Users can download its source code from the DJI developer website or DJI DJI SDK official GitHub website.
DJI Statement on Drone Data Security
These features demonstrate how DJI takes data security seriously and enables users to keep their sensitive data safe.
In a comprehensive statement, DJI disclosed its approach to data security.
It is read:
DJI builds privacy protections into its systems and gives all users control over how their drone data is collected, stored, and transmitted.
Flight logs, photos, and videos were taken while using the drone are never automatically transmitted to DJI or third parties, and users can always control whether or not to share this data with anyone.
Operators can also take additional steps to ensure the security of the data collected by their drones.
For example, DJI drones can be used without an internet connection, offering a simple, effective, and easily verifiable way to ensure that no drone data is sent anywhere, even inadvertently.
It is important to note that corporate customers are not obligated to use DJI software as we are not in the data collection business. We supply hardware and do not profit from user data.
If an agency prefers the configurations and security features of drone software developed by other companies around the world, they can choose from dozens of third-party options. DJI serves to build a better world by continuously promoting human progress, safely and securely.
For these reasons, DJI products are safe and secure even in the most delicate missions”.
DJI Solutions “Trusted Around the World
DJI says that, by February 2023, there will be more than 750 public safety entities, including national, regional, and local police forces in Europe alone, as well as firefighters and search and rescue organizations, using and trusting DJI drones.
DJI’s data security statement continues:
Governments and businesses around the world trust and use our products because they keep their data safe.
A wide range of independent security validations, from government agencies and private cybersecurity companies, has confirmed that DJI products are built with robust safeguards for data integrity.
We are aware of critics and competitors who have claimed otherwise; simply put, their claims are false.
We are also aware of various claims made over the years by cybersecurity researchers who have found vulnerabilities in our products, as happens with all software from all manufacturers. DJI has faced this challenge head-on and led its competitors by developing the first Bug Bounty Program in the drone industry.
To date, DJI has paid more than $100,000 to more than 100 researchers who have responsibly identified vulnerabilities so they can be fixed.
The data security of DJI products has been repeatedly scrutinized, and the fundamental strength of their security architecture remains undeniable.
The fact that drone users in government and critical industries continue to rely on DJI demonstrates that when our products are evaluated on technical and factual grounds, and not on headlines or innuendo, their usefulness and safety remain unmatched.”
DJI Security Features: Summary
DJI drones are a great data collection tool, but it’s crucial that operators feel confident in the integrity and security of this information.
Recognizing this and using the DJI Pilot app ecosystem, DJI’s most advanced enterprise platforms are equipped with robust processes to ensure users’ control over the data generated and that it is encrypted and protected from hijackers.
DJI’s security architecture is sure to evolve over the coming months and years to provide operators with even more excellent protection and reassurance about their drone data.
To download DJI’s data security white paper, click here.